} //injected by IOC
public object Get(LoginRequest LoginDetails)
{
DataModels.ResourceOwner owner = Session.Get <DataModels.ResourceOwner>("AuthResourceOwner");
if (owner != null)
{
Uri redirectURI = null;
Uri current = new Uri(Request.AbsoluteUri);
if (!Uri.TryCreate(LoginDetails.redirect, UriKind.RelativeOrAbsolute, out redirectURI) || (redirectURI.IsAbsoluteUri && current.Host != redirectURI.Host))
{
LoginDetails.errors = new string[]
{
"Invalid Redirect URI",
};
return(new HttpResult(LoginDetails)
{
StatusCode = System.Net.HttpStatusCode.BadRequest,
StatusDescription = "Invalid Redirect URI",
});
}
else
{
return(new HttpResult(LoginDetails)
{
StatusCode = System.Net.HttpStatusCode.Redirect,
Headers = { { HttpHeaders.Location, redirectURI.ToString() } },
});
}
}
return(LoginDetails);
}
protected DataModels.Approval Approve(DataModels.Client Client, DataModels.ResourceOwner Owner, string Scope)
{
DataModels.Approval approval = ApprovalModel.GetApproval(Client, Owner);
if (approval == null || TokenHelper.MissingScopesArray(Scope, approval.scope).Length != 0)
{
string apprUrl = Request.GetApplicationUrl();
if (!apprUrl.EndsWith("/"))
{
apprUrl += '/';
}
UriBuilder bldr = new UriBuilder(apprUrl);
bldr.Path += "approval";
string query = "client_id=" + Client.id + "&redirect=" + Request.AbsoluteUri.UrlEncode();
if (Scope != null)
{
query += "&scope=" + Scope.UrlEncode();
}
bldr.Query = query;
Response.AddHeader("Location", bldr.ToString());
Response.StatusCode = (int)System.Net.HttpStatusCode.Redirect;
return(null);
}
return(approval);
}
} //injected by IOC
public T Authorize <T>(DataModels.ITokenRequest Request, OAuth2.DataModels.Client Client = null)
where T : DataModels.Token, new()
{
var accounts = AccountModel.GetAccount(Request.username, Request.password);
if (accounts == null || accounts.Count == 0)
{
throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid username or password", Request);
}
DataModels.ResourceOwner owner = new DataModels.ResourceOwner()
{
id = accounts[0].username,
time = DateTime.UtcNow.Millisecond,
attributes = accounts[0].ToDictonary(),
};
ResourceOwnerModel.CreateOrUpdate(owner);
T token =
TokenModel.InsertToken <T>(
TokenHelper.CreateAccessToken(),
DataModels.TokenTypes.bearer,
3600,
DateTime.UtcNow.GetTotalSeconds(),
Client,
TokenHelper.IntersectScopes(Request.scope, Client.allowed_scope),
owner);
if (token == null)
{
throw new OAuth2.DataModels.TokenRequestError(DataModels.ErrorCodes.server_error, "Unable to store access token");
}
return(token);
}
public object Get(ApprovalRequest ApprovalRequest)
{
Uri redirectURI = null;
Uri current = new Uri(Request.AbsoluteUri);
ApprovalData data = new ApprovalData();
if (!Uri.TryCreate(ApprovalRequest.redirect, UriKind.RelativeOrAbsolute, out redirectURI) || (redirectURI.IsAbsoluteUri && redirectURI.Host != current.Host))
{
throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid Redirect URI", data);
}
data.Redirect = ApprovalRequest.redirect;
DataModels.ResourceOwner user = Session.Get <DataModels.ResourceOwner>("AuthResourceOwner");
if (user == null)
{
UriBuilder bldr = new UriBuilder(Request.GetApplicationUrl());
bldr.Path += "/auth/login";
bldr.Query = "redirect=" + Request.AbsoluteUri.UrlEncode();
return(new HttpResult(data)
{
Headers = { { "Location", bldr.ToString() } },
StatusCode = System.Net.HttpStatusCode.Redirect,
});
}
data.User = user;
DataModels.Client client = ClientModel.GetClientByID(ApprovalRequest.client_id);
if (client == null)
{
throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid Client ID", data);
}
if (!string.IsNullOrWhiteSpace(client.owned_by))
{
data.Owner = ResourceOwnerModel.GetByID(client.owned_by);
}
data.Client = client;
string[] scopes = ApprovalRequest.scope == null ? new string[] {} : ApprovalRequest.scope.Split(new char[] { ' ', ';', ',' }, StringSplitOptions.RemoveEmptyEntries);
List <DataModels.Scope> scopeDetails = ScopeModel.GetScopeDetails(scopes).ToList();
if (scopeDetails.Count != scopes.Length)
{
throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_scope, "Invalid Scope(s) requested", data);
}
data.RequestedScopes = scopeDetails;
return((IApprovalData)data);
}
public static OAuth2.DataModels.ResourceOwner CreateOrUpdateFromAccountModel(this OAuth2.Server.Model.IResourceOwnerModel Model, AccountResponse Account)
{
OAuth2.DataModels.ResourceOwner owner = new DataModels.ResourceOwner()
{
id = Account.account_id.ToString(),
time = DateTime.UtcNow.GetTotalSeconds(),
attributes = Account.ToDictonary(),
};
if (Model.CreateOrUpdate(owner))
{
return(owner);
}
return(null);
}
protected void HandleCodeGrant(ITokenRequest TokenRequest, DataModels.Client Client)
{
if (Client.type == DataModels.ClientTypes.user_agent_based_application || string.IsNullOrWhiteSpace(Client.secret))
{
throw new DataModels.TokenRequestError(DataModels.ErrorCodes.unauthorized_client, "Only secure clients are supported for code grants");
}
DataModels.ResourceOwner owner = Authenticate();
if (owner == null)
{
return;
}
DataModels.Approval approval = Approve(Client, owner, TokenRequest.scope);
if (approval == null)
{
return;
}
DataModel.AuthorizationCode code = CodeGrantHanldler.Authorize(TokenRequest, approval, Client, owner);
if (code == null)
{
throw new DataModels.TokenRequestError(DataModels.ErrorCodes.server_error, "Unknown server error");
}
string redirect = GetRedirectURI(TokenRequest, Client);
UriBuilder bldr = new UriBuilder(redirect);
string queryParms = "code=" + code.authorization_code;
if (!string.IsNullOrWhiteSpace(code.scope))
{
queryParms += "&scope=" + code.scope.UrlEncode();
}
if (TokenRequest.state != null)
{
queryParms += "&state=" + TokenRequest.state.UrlEncode();
}
bldr.Query = queryParms;
Response.StatusCode = (int)System.Net.HttpStatusCode.Redirect;
Response.AddHeader("Location", bldr.ToString());
return;
}
protected void HandleTokenGrant(ITokenRequest TokenRequest, DataModels.Client Client)
{
DataModels.ResourceOwner owner = Authenticate();
if (owner == null)
{
return;
}
DataModels.Approval approval = Approve(Client, owner, TokenRequest.scope);
if (approval == null)
{
return;
}
DataModels.TokenResponse token = TokenGrantHandler.Authorize <DataModels.TokenResponse>(Client, owner, approval.scope);
token.state = TokenRequest.state.UrlEncode();
string toRedirect = GetRedirectURI(TokenRequest, Client);
if (toRedirect == null)
{
throw new DataModels.TokenRequestError(DataModels.ErrorCodes.invalid_request, "No Registerd Redirect URI");
}
UriBuilder bldr = new UriBuilder(toRedirect);
if (Client.type == DataModels.ClientTypes.web_application)
{
bldr.Query += token.ToURIString();
}
else
{
if (!string.IsNullOrWhiteSpace(bldr.Fragment))
{
bldr.Fragment = bldr.Fragment.SafeSubstring(1, bldr.Fragment.Length - 1) + '?' + token.ToURIString();
}
else
{
bldr.Fragment = token.ToURIString();
}
}
Response.StatusCode = (int)System.Net.HttpStatusCode.Redirect;
Response.AddHeader("Location", bldr.ToString());
return;
}
public void RequestFilter(IHttpRequest req, IHttpResponse res, object requestDto)
{
string auth = req.Headers.Get("Authorization");
bool validUser = false;
if (!string.IsNullOrWhiteSpace(auth))
{
Match rawToken = MATCH_TOKEN.Match(auth);
if (rawToken.Success && rawToken.Groups["token_type"].Success && rawToken.Groups["token"].Success)
{
DataModels.Token token = TokenModel.GetToken <DataModels.Token>(rawToken.Groups["token"].Value);
req.Items.Add("auth:rawtoken", rawToken);
if (SetToken)
{
req.Items.Add("auth:token", token);
}
if (SetClient)
{
req.Items.Add("auth:client", ClientModel.GetClientByID(token.client_id));
}
if (!string.IsNullOrWhiteSpace(token.resource_owner_id) && SetUser)
{
DataModels.ResourceOwner owner = ResourceOwnerModel.GetByID(token.resource_owner_id);
if (owner != null)
{
req.Items.Add("auth:user", owner);
validUser = true;
}
}
}
}
if (RequireValidUser && !validUser)
{
res.StatusCode = (int)System.Net.HttpStatusCode.Unauthorized;
res.StatusDescription = "Valid bearer token required";
res.AddHeader("WWW-Authenticate", "OAuth2 realm=\"{0}\"".Fmt(req.GetApplicationUrl()));
res.Close();
}
}
protected DataModels.ResourceOwner Authenticate()
{
DataModels.ResourceOwner owner = Session.Get <DataModels.ResourceOwner>("AuthResourceOwner");
if (owner == null)
{
string apprUrl = Request.GetApplicationUrl();
if (!apprUrl.EndsWith("/"))
{
apprUrl += '/';
}
UriBuilder bldr = new UriBuilder(apprUrl);
bldr.Path += "auth/login";
bldr.Query = "redirect=" + Request.AbsoluteUri.UrlEncode();
Response.AddHeader("Location", bldr.ToString());
Response.StatusCode = (int)System.Net.HttpStatusCode.Redirect;
return(null);
}
return(owner);
}
public object Post(ApprovalResponse ApprovalResponse)
{
ApprovalData data = new ApprovalData();
data.User = Session.Get <DataModels.ResourceOwner>("AuthResourceOwner");
Request.Items.Add("Model", data);
data.Redirect = ApprovalResponse.redirect;
Uri referrerURI = Request.GetReferrerURI();
Uri current = new Uri(Request.AbsoluteUri);
//CRSF protection
if (!referrerURI.SchemeHostPathMatch(current))
{
throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid Request", ApprovalResponse);
}
Uri redirectURI = null;
if (!Uri.TryCreate(ApprovalResponse.redirect, UriKind.RelativeOrAbsolute, out redirectURI) ||
(redirectURI.IsAbsoluteUri && redirectURI.Host != current.Host))
{
throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid Redirect URI", data);
}
data.Redirect = redirectURI.ToString();
DataModels.ResourceOwner owner = Session.Get <DataModels.ResourceOwner>("AuthResourceOwner");
if (owner == null)
{
throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.access_denied, "Not Authenticated", data);
}
data.Owner = owner;
DataModels.Client client = ClientModel.GetClientByID(ApprovalResponse.client_id);
if (client == null)
{
throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid Client ID", data);
}
data.Client = client;
List <DataModels.Scope> scopes = ScopeModel.GetScopeDetails(ApprovalResponse.approved_scopes).ToList();
string scope = "";
if (scopes != null)
{
scopes.ForEach((cur) => scope += cur.scope_name + " ");
}
data.RequestedScopes = scopes;
DataModels.Approval approval = new DataModels.Approval()
{
client_id = client.id,
resource_owner_id = owner.id,
type = DataModels.ApprovalTypes.user_granted,
scope = scope,
};
if (!ApprovalModel.AddOrUpdateApproval(approval))
{
throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.server_error, "Error storing approval", data);
}
return(new HttpResult(data)
{
StatusCode = System.Net.HttpStatusCode.Redirect,
Location = ApprovalResponse.redirect
});
}
public Server.DataModel.AuthorizationCode InsertAuthorizationCode(string AuthorizationCode, DataModels.Client Client, DataModels.ResourceOwner ResourceOwner, long IssueTime, string Scope = "", string RedirectURI = null)
{
return(InsertAuthorizationCode(AuthorizationCode, Client.id, ResourceOwner.id, IssueTime, Scope, RedirectURI));
}
public Server.DataModel.AuthorizationCode InsertAuthorizationCode(string AuthorizationCode, DataModels.Client Client, DataModels.ResourceOwner ResourceOwner, long IssueTime, List <DataModels.Scope> Scope, Uri RedirectURI)
{
return(InsertAuthorizationCode(AuthorizationCode, Client, ResourceOwner, IssueTime, Scope, (RedirectURI != null) ? RedirectURI.ToString() : null));
}
public Server.DataModel.AuthorizationCode InsertAuthorizationCode(string AuthorizationCode, DataModels.Client Client, DataModels.ResourceOwner ResourceOwner, long IssueTime, List <DataModels.Scope> Scope, string RedirectURI)
{
string scope = "";
if (Scope != null)
{
foreach (DataModels.Scope scopeDesc in Scope)
{
scope += scopeDesc.scope_name + " ";
}
scope = scope.Trim();
}
return(InsertAuthorizationCode(AuthorizationCode, Client, ResourceOwner, IssueTime, scope, RedirectURI));
}
public Server.DataModel.AuthorizationCode Authorize(DataModels.ITokenRequest Request, DataModels.Approval Approval, DataModels.Client Client, DataModels.ResourceOwner Owner)
{
Server.DataModel.AuthorizationCode code = AuthorizationCodeModel.InsertAuthorizationCode(
Extension.TokenHelper.CreateAccessToken(), Client, Owner, DateTime.Now.GetTotalSeconds(), Approval.scope, Request.redirect_uri);
if (code == null)
{
throw new DataModels.TokenRequestError(DataModels.ErrorCodes.server_error, "Error storing access code");
}
if (string.IsNullOrWhiteSpace(Approval.refresh_token))
{
Approval.refresh_token = Extension.TokenHelper.CreateAccessToken();
if (!ApprovalModel.AddOrUpdateApproval(Approval))
{
AuthorizationCodeModel.DeleteAuthorizationCode(code.authorization_code, code.client_id, code.redirect_uri);
throw new DataModels.TokenRequestError(DataModels.ErrorCodes.server_error, "Error updating approval");
}
}
return(code);
}
public T InsertToken <T>(string AccessToken, DataModels.TokenTypes TokenType, long ExpiresIn, long IssuedTime, DataModels.Client Client, IEnumerable <DataModels.Scope> Scope, DataModels.ResourceOwner ResourceOwner = null, string RefreshToken = null)
where T : DataModels.Token, new()
{
string scope = "";
if (Scope != null)
{
foreach (DataModels.Scope scopeDetails in Scope)
{
scope += scopeDetails.scope_name + " ";
}
scope = scope.Trim();
}
return(InsertToken <T>(AccessToken, TokenType, ExpiresIn, IssuedTime, Client.id, scope, ResourceOwner.id, RefreshToken));
}
public T InsertToken <T>(string AccessToken, DataModels.TokenTypes TokenType, long ExpiresIn, long IssuedTime, DataModels.Client Client, string Scope = "", DataModels.ResourceOwner ResourceOwner = null, string RefreshToken = null)
where T : DataModels.Token, new()
{
return(InsertToken <T>(AccessToken, TokenType, ExpiresIn, IssuedTime, Client.id, Scope, ResourceOwner.id, RefreshToken));
}
